Cloud Security Hardening

Protect business Critical Systems

How to identify Cloud risks?​

Any cybersecurity hardening phase begins with an audit phase. We have developed cloud security audit processes for the following environments:

  • Microsoft 365
  • Google Workspace
  • Google Cloud Platform
  • Microsoft Azure
  • AWS
  • Oracle Cloud Infrastructure – OCI

For each environment, we would need a restricted Global Reader access which will allow us to audit several elements that may constitute risks of vulnerabilities. Each element is classified by a level of severity.

This audit results in a report detailing the risks by severity and an action plan for hardening the configurations of the Cloud environment.

What system can be hardened?

We believe that Cloud is more secure than other environments because it relies on a strong underlying infrastructure which is more secure than most of the on premise environments built in the enterprise. Furthermore, cloud environments incorporate all the necessary security technologies in order to operate safely and securely.

It is the cloud provider’s responsibility to secure the underlying infrastructure (data center, network,  hardware & hypervisor), however it is the client’s responsibility to secure the environment he is leasing.

In this shared responsibility model, the responsibility is devided between the client and the cloud provider, the following illustration explains it in more details for three types of services (IAAS, PAAS & SAAS)

The Shared Responsibility Model


How does EXEO secures those systems?

Part of the Cybersecurity services EXEO provides is to harden the client environment in order to maximize the security of the hosted services and minimize the possibility of threats.

We have built our cloud systems hardening procedures based on the Common Internet Security (CIS) benchmarks and controls.

Based on these industry leading security recommendations, we maintain predefined checklists of controls and have developed our own standard operating procedures in order to perform the security hardening

Hardening the environment also makes monitoring more effective at detecting threats, by focusing on the incidents that require attention. If you would like to know more about how we help our clients stay secure, you can also check our managed security service page.

Cloud Security Hardening

Through 2025, 99% of cloud security failures will be the customer’s fault.
Is the Cloud Secure


Systems that we harden

Cloud Security Hardening Services

Cloud Productivity Suites

  • Accounts security
  • Email Deliverability, Spoofing protection
  • Logs and alerts
  • Sharing policies
  • Data leakage
  • Accounts security
  • Email Deliverability, Spoofing protection
  • Threat Protection

Cloud Platforms

  • Identity & Access Management (IAM)
  • Security Center
  • Storage Accounts
  • Database Services
  • Logging & Monitoring
  • Networking
  • Virtual Machines
  • Appservice
  • Identity & Access Management (IAM)
  • Logging & Monitoring
  • Networking
  • Virtual Machines
  • Storage
  • Cloud SQL Database Services
  • BigQuery
  • Identity and Access Management
  • Networking
  • Logging & Monitoring
  • Storage
  • Infrastructure Container Engine for Kubernetes (OKE)

500 security controls.

Database Platforms

  • Surface area reduction
  • Authentication & Authorization
  • Password Policies
  • Auditing & Logging
  • Application Development
  • Encryption
  • Operating System Level Configuration
  • Installation and Planning
  • File System Permissions
  • MySQL Permissions
  • Auditing and Logging
  • Authentication
  • Replication
  • Installation and Patches
  • Directory and File Permissions
  • Logging Monitoring And Auditing
  • User Access and Authorization
  • Connection and Login
  • PostgreSQL Settings
  • Replication
  • Special Configuration Considerations

Cloud Security Hardening FAQ

Hardening limits the vulnerability of the cloud to attacks. It involves specific rules regarding system configuration. Without forgetting a set of good practices.

For the past ten years, companies have been migrating their IT systems to the cloud. 93% of them now use it (Microsoft).

In the face of attacks, the cloud is not infallible. The massive use of telework has weakened the IT security of organizations. In 2020, at the height of the pandemic, 47% of businesses saw an increase in cyberattacks (Thales).

Users are 99% responsible for cloud cybersecurity breaches (Gartner). Adopting a “Cloud Hardening” approach helps create a secure computing environment.

The hardening exercise consists of reducing unused functionalities and closing unnecessary access.
It is therefore essential to carefully study the use of the services before applying the hardening configurations. If the study was not exhaustive upstream of the hardening mission, it is possible that the configurations affect functional services and interrupt them.

The hardening exercise should be prepared and performed with great care.

Cloud functionalities increased on a regular basis. In order to properly cover the entire scope of hardening, we have compiled a methodology based on the following three recommendations:

  • Those of the manufacturer by following all the functionalities
  • Those of the Center for Internet Security
  • The Cloud Security Alliance’s Cloud Control Matrix

Exeo supports its customers in the hardening process.

  • We will first do an audit of the systems to be hardened;
  • Provide a report indicating the controls to be tightened;
  • Obtain the Customer’s agreement for each control;
  • Implement hardening;
  • Monitor the cloud to detect potential threats.
Contact us

Get a quote for our Security Hardening service

Reach out


This methodology requires the most effort to implement but it results in the most optimised recurring cost and will provide the best scalability for apps. This involves re-adapting the code of applications and the heavy use of SAAS solutions in order to replace existing hosted applications.


This method utilizes the power of  PAAS services, like transferring a database to an as-a-service model,  the use of containers for some apps or the use of network/security functions as a service. Greater scalability and lower cost of operation is achieved.

Re-Host (Lift & Shift)

the migration of workloads from  to the cloud without changing the architecture. Machines get to keep their  OS and apps. This is the quickest and easy way to migrate, but since its  utilising IAAS, its is also the most expensive on the long term.